TF-CSIRT CERT and System Security Information

• Reports, Documents for Discussion and Comments
• Information pages at European CERTs
• Other Information Resources
• Forums and Mailing lists
• Legal issues
• IETF Security related activity and information
• Other Standards

Reports, Documents for Discussion and Comments

• A Consensus Of the High Impact, Low Cost, Core Actions for a Program of System and Network Security. - Essential Security Action by SANS Institute.

Consensus list of fundamental security actions that raise barriers to thwart those attacks that target repeatedly-exploited system vulnerabilities. Each security measure on this list has an implementation cost that is relatively low in comparison to its impact.
• Intrusion Detection FAQ by SANS Institute [ Version 1.52 ]

CVE list is a list of standardised names for Vulnerabilities and other Information Security Exposures aimed to easy sharing data across separate vulnerability databases and security tools. The content of CVE is a result of a collaborative effort of the CVE Editorial Board of many security-related organizations such as security tool vendors, academic institutions, and government as well as other security experts.

NIST Recommendation: SP 800-51. Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme, September 2002

"ICMP Usage in Scanning", by Ofir Arkin (PDF, PostScript)

JANET-CERT: Security Information pages

• Summary and index of computer security documents.
• Bibliography of computer security documents.
• Advice and tools for improving the security of computer systems and networks.
• Links to other computer security related sites.
• Guidance on investigating DDoS incidents by UKERNA

• CERT-NL Security bulletins
• CERT-NL Informational Bulletins

GARR-CERT Security Alerts (Italian)

LUX-CERT Information page

UNINETT security information

NIST CSRC Publications

Computer Incident Advisory Capability (CIAC)
CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. CIAC is an element of the Computer Security Technology Center (CSTC)

• CIAC Security resources
• CIAC Documents provide information on a wide variety of computer and information security topics, with an emphasis on issues of importance within the Department of Energy.

• Documents index
• Security Tools

Internet Security Systems, Inc.

• Security Center: Powered by X-Force
• X-Force Allert List

Security Focus Vulnerability Database

Hiverworld Public Vulnerability Database

NTBugtraq Vulnerability Database

Latest virus info from Network Associates

SECURITY at ITWorld.com
Authentication - PKI - Biometric - Encryption - Intrusion - Prevention - Firewalls
 

Unsolicited Commercial Email (Spam) - Technical and Legal issues

• RIPE Anti-Spam Working Group
• EuroCAUCE Homepage - The European Coalition Against Unsolicited Commercial Email
• LINX Best Current Practice for combating Unsolicited Bulk Email

The CERT® Advisory Mailing List
Used to distribute copies of CERT/CC advisories and summaries ISS X-Force Mailing Lists

• Other Security Related Lists

SecurityFocus Mailing Lists Aarchives

SANS mailing lists

• SANS NT Digest (monthly)
• SANS NewsBites (weekly)
• SANS Network Security Digest (monthly)

Computer law and legislature in European countries at EuroCERT site

Crypto Law Survey by Bert-Jaap Koops

ICRI, Interdisciplinary Center for Law and IT (Belgium)

World Cryptography Survey by Global Internet Liberty Campaign
 

Site Security and Incidents Response related RFCs

RFC 2196. Site Security Handbook (replaces the now obsolete RFC1244)
RFC 2350. Expectations for Computer Security Incident Response (June 1998)
RFC 2505. Users' Security Handbook (Feb 1999)
RFC 2828. Internet Security Glossary
RFC3013.  Recommended Internet Service Provider Security Services and Procedures

Current IETF Working Groups

INCH-WG (Incident Handling) - Security Area

The purpose of the Incident Handling (inch) working group is to define data formats for communication between a CSIRT and its constituency, a CSIRT and parties involved in an incident investigation and between collaborating CSIRTs sharing information.
This format will support the now largely human-intensive dimension of the incident handling process. It will represent the product of various incremental data gathering and analysis operations performed by a CSIRT from the time when the system misuse was initially reported (perhaps by an automated system) till ultimate resolution.
Specifically, the working group will address the issues related to representing: the source(s) and target(s) of system misuse, as well as the analysis of their behavior; the evidence to support any analysis results; a scheme to document the incident investigation and analysis process; and constructs to facilitate the exchange of security information across administrative domains (e.g., internationalization, data sensitivity).  The WG will investigate the information model needed to support the typical, operational workflow of the incident handling processes found at Internet Service Providers; Managed Security Service Providers; Risk Analysis vendors; and traditional, internal CSIRTs.

IDWG (Intrusion Detection Exchange Format)  - Security Area

Scope of IDWG is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them. Issues are rather related to operation level than to application. WG Activity contributed by specialists from ISS, Boeing Co, IBM, CyberSafe Corporation, Nokia and some Universities.

Computer Systems Security documents
Rainbow Series Library

The Common Criteria VERSION 2.1/ISO IS 15408 (MIL site; Common Criteria Project at NIST; International Common Criteria Project Home page)
The Common Criteria (CC) is presented as a set of distinct but related parts as identified below.

CCIMB-99-031. Part 1: Introduction and general model, Version 2.1, 99/031
It defines general concepts and principles of IT security evaluation and presents a general model of evaluation. Part 1 also presents constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems. In addition, the usefulness of each part of the CC is described in terms of each of the target audiences.
• CCIMB-99-032. Part 2: Security functional requirements, Version 2.1, 99/032

Part 2, Security functional requirements, establishes a set of security functional components as a standard way of expressing the security functional requirements for Targets of Evaluation (TOEs). Part 2 catalogues the set of functional components, families, and classes.
• CCIMB-99-033. Part 3: Security assurance requirements, Version 2.1, 99/033

Establishes a set of assurance components as a standard way of expressing the assurance requirements for TOEs. Part 3 catalogues the set of assurance components, families, and classes. Part 3 also defines evaluation criteria for Protection Profiles (PPs) and Security Targets (STs) and prevents evaluation assurance levels that define the predefined CC scale for rating assurance for TOEs, which is called the Evaluation Assurance Levels (EALs).

| Home | Information | Conferences | Innovation | Technical | Library | News |